CN115080977B - Security vulnerability defending method, system, computer equipment and storage medium - Google Patents

Security vulnerability defending method, system, computer equipment and storage medium Download PDF

Info

Publication number
CN115080977B
CN115080977B CN202210484476.1A CN202210484476A CN115080977B CN 115080977 B CN115080977 B CN 115080977B CN 202210484476 A CN202210484476 A CN 202210484476A CN 115080977 B CN115080977 B CN 115080977B
Authority
CN
China
Prior art keywords
security
vulnerability
hole
detection result
task
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210484476.1A
Other languages
Chinese (zh)
Other versions
CN115080977A (en
Inventor
翟坤
李国征
朱青春
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jiehui Technology Co Ltd
Original Assignee
Beijing Jiehui Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jiehui Technology Co Ltd filed Critical Beijing Jiehui Technology Co Ltd
Priority to CN202210484476.1A priority Critical patent/CN115080977B/en
Publication of CN115080977A publication Critical patent/CN115080977A/en
Application granted granted Critical
Publication of CN115080977B publication Critical patent/CN115080977B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a security vulnerability defense method, a security vulnerability defense system, computer equipment and a storage medium, wherein the security vulnerability defense method comprises the following steps: s1: detecting a system to be detected and outputting a detection result; s2: judging whether the detection result contains security holes or not, and if the detection result contains at least one security hole, performing hole analysis according to each security hole and generating a corresponding security task; s3: and respectively starting the security tasks to defend the security holes, and retesting the security holes in response to the repair identifications of the security holes. The problems that the safety detection tool in the prior art is single in function, needs to be used in a combined mode, cannot directly repair the security hole, and cannot adapt and expand when facing complex business scenes are solved. The efficiency of detecting the security hole and repairing the security hole is improved, and the life cycle of managing the security hole is shortened.

Description

Security vulnerability defending method, system, computer equipment and storage medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a security vulnerability defense method, a security vulnerability defense system, a computer device, and a storage medium.
Background
With the rapid development of the internet and terminal devices, in order to meet the demands of users, various applications need to be installed in the terminal devices. In order to ensure the security of the terminal device and the user information, security detection needs to be performed on various application programs. For example, in the chinese patent document, a vulnerability detection method is described in application number cn20201101399154. X, which is named as a vulnerability detection method, device, electronic apparatus and storage medium, and includes: responding to an event of testing an application server, and acquiring access flow generated by the application server; establishing a vulnerability detection task according to the access flow; and scanning the application server according to the vulnerability detection task to obtain a vulnerability detection result. Although the application can find that a common type vulnerability which is not found for a long time exists in the application server during the application function test, the application has the problems that a security detector is single, only the access flow generated by the application server can be detected, and the detected security vulnerability cannot be repaired.
In the chinese patent document, an application number CN202110454247.0 entitled "a method, an apparatus, and an electronic device for detecting security of an application program" describes a method for detecting security of an application program, including: receiving an installation package of a target application program of a current detection task, and determining a preset operation time length, task attributes and a target mobile terminal; sending an installation request carrying an installation package of the target application program to the target mobile terminal; if the task attribute of the detection task is a dynamic detection task, generating a pseudo-random user event stream, and sending the pseudo-random user event stream to a target application program installed on the target mobile terminal; capturing all feedback data aiming at the pseudo-random user event stream sent by the target mobile terminal in real time, and if the feedback data comprises interface request data of the target application program, forwarding the interface request data of the target application program to a dynamic security detection tool for penetration test; and stopping the penetration test and generating a dynamic security test report when the execution time of the pseudo-random user event stream reaches the preset operation time. The application solves the problems that in the prior art, safety test tools for safety detection of application programs are single in function and need to be used in combination, and cannot be adapted and expanded when facing complex service scenes, but the problem that the detected security holes cannot be retested exists.
In the chinese patent document, a patent application number CN202011514588.4 entitled "security arrangement and response system based on big data and AI drive and method thereof", describes a security arrangement and response system based on big data and AI drive, which comprises the following modules: and a safety analysis module: various external data sources are obtained in a compatible way, and real-time analysis and statistical analysis are performed by the multiple operator models; a security orchestration and automation module: the method comprises the steps of correspondingly processing the security capability and the security event to form a script library, generating a corresponding work order based on the work order of the script library, and circulating and disposing the security task through the work order so as to facilitate unified scheduling and management; and the safe operation management module: the system comprises a case management module, an alarm management module and a work order management module, wherein the case management module, the alarm management module and the work order management module are provided with alarm management to realize alarm association evidence collection, the work order management is used for realizing unified scheduling and management of work orders, and the case management is combined with security arrangement so as to trace source evidence collection investigation. The application further improves automation of security detection of the application, but also has the problem that the detected security holes cannot be repaired.
Disclosure of Invention
To solve at least one of the above problems, a first embodiment of the present invention provides a security breach defense method, including:
s1: detecting a system to be detected and outputting a detection result;
s2: judging whether the detection result contains security holes or not, and if the detection result contains at least one security hole, performing hole analysis according to each security hole and generating a corresponding security task;
s3: and respectively starting the security tasks to defend the security holes, and retesting the security holes in response to the repair identifications of the security holes.
In a specific embodiment, the step S1 further includes:
s11: and scanning the program codes of the system to be tested according to the preset safety use case and outputting a first detection result.
In a specific embodiment, the step S2 further includes:
s21: importing the first detection result into a preset vulnerability analysis model and outputting a first vulnerability analysis result, wherein the first vulnerability analysis result comprises a vulnerability position corresponding to the security vulnerability;
s22: generating a security task corresponding to the security vulnerability according to a preset vulnerability comparison table and the vulnerability position, wherein the security task comprises a push address corresponding to the security vulnerability.
In a specific embodiment, the step S3 further includes:
s31: pushing the corresponding security hole according to the push address to repair the security hole.
In a specific embodiment, the security vulnerability defense method further includes:
and presenting the detection result, the security hole, the security task and the defending result through a visual operation interface.
In a specific embodiment, the step S1 further includes:
s12: actively attacking the system to be detected according to a preset threat use case and outputting a second detection result; and/or
S13: and detecting the system to be tested in response to the input test instruction and outputting a third detection result.
In a specific embodiment, before the step S1, the security hole defending method further includes: formulating a security detection event of the system to be tested based on threat management;
the step S1 further comprises the following steps: and detecting the system to be detected periodically based on the safety detection event.
A second embodiment of the present invention provides a security breach defense system, including a detection unit, a breach analysis unit, and a control unit configured to:
s1: the control detection unit detects the system to be detected and outputs a detection result;
s2: judging whether the detection result contains security holes or not, if the detection result contains at least one security hole, performing hole analysis on each security hole by using a hole analysis unit and generating a corresponding security task;
s3: and respectively starting the security tasks to defend the security holes, and retesting the security holes in response to the repair identifications of the security holes.
A third embodiment of the invention provides a computer-readable storage medium, on which a computer program is stored which, when executed by a processor, implements a method according to any of the first embodiments.
A fourth embodiment of the invention provides a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method according to any of the first embodiments when executing the program.
The beneficial effects of the invention are as follows:
aiming at the existing problems at present, the invention establishes a security vulnerability defense method, a security vulnerability defense system, a security vulnerability detection system, a computer device and a storage medium, and performs vulnerability analysis according to the detection result and generates a corresponding security task to defend the security vulnerability, thereby forming a closed-loop defense of detecting the security vulnerability, generating the security task, starting the security task to perform vulnerability pushing, modifying the vulnerability and retesting, and solving the problems that the security detection tool in the prior art has single function, needs to be combined for use, cannot directly repair the security vulnerability, and cannot be adapted and expanded when facing complex business scenes. The efficiency of detecting the security hole and repairing the security hole is improved, and the life cycle of managing the security hole is shortened.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic block flow diagram of a security vulnerability defense method according to one embodiment of the invention;
FIG. 2 is a schematic block flow diagram of a security breach defense method according to another embodiment of the present invention;
FIG. 3 is a diagram of a security detection event formulation interface of the system under test according to one embodiment of the present invention;
FIG. 4 is a schematic diagram of a security breach defense system according to one embodiment of the present invention;
fig. 5 shows a schematic structural diagram of a computer device according to another embodiment of the present invention.
Detailed Description
In order to more clearly illustrate the present invention, the present invention will be further described with reference to preferred embodiments and the accompanying drawings. Like parts in the drawings are denoted by the same reference numerals. It is to be understood by persons skilled in the art that the following detailed description is illustrative and not restrictive, and that this invention is not limited to the details given herein.
As described in the background section, there are a number of problems with current security detection, first: the security detector is single, most detection tools (such as Drozer) can only support static code detection, and in this way, penetration test cannot be performed on a user request, missing detection is easy to cause, and vulnerability information cannot be intuitively displayed. Second,: the security detection platform (such as 360app vulnerability scanning) needs to upload a software installation package and the like to a third-party external platform, so that potential safety hazards such as leakage or malicious decompilation of an un-published app are easily generated. Third,: safety testing tools are various, a tester is required to deploy a safety testing environment in a local machine, the process is complex, and effective utilization of environment resources and sharing of mobile phone equipment cannot be achieved. Fourth,: the safety test report cannot be managed and stored uniformly, the history report result cannot be checked, a special space needs to be opened up for manual storage and maintenance, the efficiency is low, and the time consumption is high. In summary, the existing security detection has low efficiency and large workload, and the security test tool has single function, needs to be used in combination, cannot directly repair security vulnerabilities, and cannot adapt and expand when facing complex business scenes.
In view of the foregoing, as shown in fig. 1, one embodiment of the present invention provides a security breach defense method, which may be executed on an application device. Moreover, the method can be executed by one application device or can be executed by a plurality of application devices in cooperation. The method comprises the following steps:
s1: detecting a system to be detected and outputting a detection result;
s2: judging whether the detection result contains security holes or not, and if the detection result contains at least one security hole, performing hole analysis according to each security hole and generating a corresponding security task;
s3: and respectively starting the security tasks to defend the security holes, and retesting the security holes in response to the repair identifications of the security holes.
According to the embodiment, by detecting the system to be detected and outputting the detection result, performing vulnerability analysis according to the detection result and generating the corresponding security task to defend the security vulnerability, the closed-loop defense of detecting the security vulnerability, generating the security task, starting the security task to perform vulnerability pushing, modifying the vulnerability and retesting is formed, and the problems that the security detection tool in the prior art is single in function, needs to be used in a combined mode, cannot repair the security vulnerability directly, and cannot adapt and expand when facing complex business scenes are solved. The efficiency of detecting the security hole and repairing the security hole is improved, and the life cycle of managing the security hole is shortened.
In one specific example, the vulnerability detection of the system under test is described.
First, S1: and detecting the system to be detected and outputting a detection result.
In this embodiment, the system to be tested may be an application program, a web page or other systems, and the application device is used to scan the system to be tested to detect whether the system to be tested has a security hole, and output a detection result for subsequent repair.
In an alternative embodiment, the step S1 further includes:
s11: and scanning the program codes of the system to be tested according to the preset safety use case and outputting a first detection result.
In this embodiment, the security case may be a java package, and the java package is operated to scan a program code of the system to be tested and output a first detection result, where the first detection result may be a jason string so as to analyze the first detection result later. Therefore, the closed-loop defense of detecting the security hole, carrying out hole analysis on the security hole, generating a security task, starting the security task to carry out hole pushing, modifying the hole and retesting is formed, and the problems that the security detection tool in the prior art is single in function, needs to be used in a combined mode, cannot directly repair the security hole, and cannot adapt and expand when facing complex service scenes are solved.
Second, S2: judging whether the detection result contains security holes or not, and if the detection result contains at least one security hole, performing hole analysis according to each security hole and generating corresponding security tasks.
In this embodiment, by analyzing the jason string, it is determined whether the first detection result includes a security hole, if at least one security hole is included, performing hole analysis according to each security hole and generating a corresponding security task, so that a responsible person for subsequent research and development repairs the security hole, thereby forming a closed-loop defense of detecting the security hole, performing hole analysis on the security hole and generating a security task, starting the security task to perform hole pushing, modifying the security task and retesting, and solving the problems that in the prior art, the security detection tool has single function and needs to be used in combination, cannot repair the security hole directly, and cannot adapt and expand when facing a complex service scene.
In an alternative embodiment, as shown in fig. 2, the step S2 further includes:
s21: importing the first detection result into a preset vulnerability analysis model and outputting a first vulnerability analysis result, wherein the first vulnerability analysis result comprises a vulnerability position corresponding to the security vulnerability;
s22: generating a security task corresponding to the security vulnerability according to a preset vulnerability comparison table and the vulnerability position, wherein the security task comprises a push address corresponding to the security vulnerability.
In this embodiment, the jason string is imported into a preset vulnerability analysis model and outputs a first vulnerability analysis result, if the system to be tested includes a security vulnerability, the first vulnerability analysis result includes a vulnerability position corresponding to the security vulnerability, a security task corresponding to the security vulnerability is generated according to information of a research and development responsible person of the security vulnerability and the vulnerability position found from a preset vulnerability comparison table, the security task includes a push address corresponding to the security vulnerability, so that a subsequent research and development responsible person repairs the security vulnerability, thereby forming a closed loop for detecting the security vulnerability, performing vulnerability analysis on the security vulnerability, generating a security task, starting a security task, performing vulnerability push, modifying the vulnerability and retesting, improving efficiency of detecting the security vulnerability and repairing the security vulnerability, and shortening a life cycle of managing the security vulnerability.
Finally, S3: and respectively starting the security tasks to defend the security holes, and retesting the security holes in response to the repair identifications of the security holes. In this embodiment, the research and development responsible person repairs the security hole according to the security task and retests the security hole, thereby improving the efficiency of detecting the security hole and repairing the security hole and shortening the life cycle of managing the security hole.
In an alternative embodiment, the step S3 further includes:
s31: pushing the corresponding security hole according to the push address to repair the security hole.
In this embodiment, the research and development responsible person finds the security hole and repairs the security hole according to the push address provided in the security task, and generates the repair identifier so as to retest the subsequent test researchers, thereby further improving the automation degree of security hole defense, realizing the closed-loop defense of the security hole, and shortening the life cycle of managing the security hole.
In order to further describe the specific implementation manner of this embodiment, taking the security hole as the system to be tested as an example, a test library with bug (error in computer program) is cited, where the test library is a pre-written code set, and the above security hole defending method is described below:
firstly, detecting a system to be detected and outputting a detection result. Specific:
and running a preset java package to scan the program code of the system to be tested and outputting a jack string as a first detection result.
Then, judging whether the first detection result contains security holes, if so, performing hole analysis according to each security hole and generating corresponding security tasks, and specifically:
and importing the jason string into a preset vulnerability analysis model for analysis, judging whether the jason string contains a security vulnerability or not, and outputting a first vulnerability analysis result, wherein if the first vulnerability analysis result shows that the security vulnerability is absent, a corresponding security task is not required to be generated.
If the first vulnerability analysis result shows that a test library with bug is quoted in at least one place of the system to be tested, the first vulnerability analysis result further comprises a position corresponding to the test library, and a security task corresponding to the security vulnerability is generated according to a preset test library responsible person comparison table and the position of the test library, wherein the security task comprises a push address corresponding to the security vulnerability and a research and development responsible person of the security vulnerability.
And finally, respectively starting the security tasks to defend the security holes. Specific:
and finding out the position corresponding to the test library with the bug by the research and development responsible person of the security vulnerability according to the push address to repair the bug, generating a modification identifier, pushing the position corresponding to the test library to the test responsible person, and retesting the security vulnerability by the test responsible person according to the modification identifier.
In this embodiment, a security task is automatically generated according to a preset vulnerability comparison table and a first vulnerability analysis result, and is pushed to a research and development responsible person according to the vulnerability comparison table, after the research and development responsible person completes repairing, a modification identifier is generated and pushed to a test responsible person for retesting, so that the automation degree of security vulnerability defense is further improved, and closed loop defense of security vulnerabilities is realized.
It may be appreciated that in this embodiment, the open source tool may be invoked to detect a system to be detected and output a detection result, where the detection result may not include a security hole, and when the detection result does not include a security hole, it is not necessary to generate a security task to defend the security hole; one or more security holes can be included, when one or more security holes are included, corresponding security tasks are generated for each security hole according to detection results to defend the security holes, so that closed-loop defense is formed, wherein the security holes are detected, the security holes are analyzed, security tasks are generated, the security tasks are started to push the holes, the holes are modified and retested, and the problems that in the prior art, the security detection tool is single in function and needs to be used in a combined mode, the security holes cannot be repaired directly, and in the face of complex business scenes, adaptation and expansion cannot be achieved are solved. The efficiency of detecting the security hole and repairing the security hole is improved, and the life cycle of managing the security hole is shortened.
It should be noted that, the system to be tested is not limited in particular, and may be an application program, a web page or other systems.
It will be appreciated that the above examples are only examples listed for better understanding of the technical solution of the embodiments of the present invention, and are not to be construed as the only limitation of the embodiments of the present invention.
Considering that the system under test may not only have security holes, but also may be attacked illegally, in an alternative embodiment, the step S1 further includes:
s12: actively attacking the system to be detected according to a preset threat use case and outputting a second detection result;
in this embodiment, the preset threat use case may be a zap tool, by using the zap tool to perform a simulation attack on the system to be tested and output a second detection result, by analyzing the second detection result, determine whether the system to be tested can resist an external illegal attack, if so, the system to be tested cannot resist the external attack, generate a corresponding security task and send the security task to a research and development responsible person, the research and development responsible person repairs the security task to make the system to be tested resist the external attack, then generate a modification identifier, and then send the problem that the system to be tested cannot resist the illegal attack and the modification identifier to a testing responsible person, where the testing responsible person retests the security hole according to the modification identifier. Therefore, the problems that the safety detection tool in the prior art is single in function and needs to be used in a combined mode, the safety loopholes cannot be repaired directly, and in the face of complex service scenes, the safety of a system to be detected cannot be adapted and expanded are solved, and the system to be detected is prevented from being threatened by the outside.
In another alternative embodiment, the step S1 further includes:
s13: and detecting the system to be tested in response to the input test instruction and outputting a third detection result.
In this embodiment, the test instruction may be a test instruction for testing whether the program code of the system to be tested leaks, by responding to the test instruction for testing whether the program code of the system to be tested leaks, detecting the system to be tested, and outputting a third detection result, by analyzing the third detection result, judging whether the program code of the system to be tested leaks, if the program code of the system to be tested has leaked, generating a corresponding security task to push to a research and development responsible person, repairing the research and development responsible person to make the system to be tested unable to be illegally obtained, thereby avoiding leakage to a public platform and causing loss, then generating a modification identifier, and pushing the problem of the program code of the system to be tested and the modification identifier to the test responsible person, and the test responsible person retests the security hole according to the modification identifier. Therefore, the problems that the safety detection tool in the prior art is single in function and needs to be used in a combined mode, the safety loophole cannot be repaired directly, and in the face of a complex service scene, adaptation and expansion cannot be achieved are solved, the safety of a system to be detected is improved, and illegal decompilation and external leakage of system information to be detected which is not transmitted are avoided.
In another alternative embodiment, the S1 further includes:
s12: actively attacking the system to be detected according to a preset threat use case and outputting a second detection result;
s13: and detecting the system to be tested in response to the input test instruction and outputting a third detection result.
In this embodiment, by actively attacking the to-be-detected system according to a preset threat use case and outputting a second detection result, and detecting the to-be-detected system in response to an input test instruction and outputting a third detection result, the problems that in the prior art, a security detection tool has single function and needs to be used in combination, cannot directly repair security holes, cannot adapt and expand when facing complex service scenes are solved, the security of the to-be-detected system is improved, and illegal attack of the to-be-detected system and illegal decompilation and external leakage of information of the to-be-detected system which is not issued are avoided.
It should be noted that, in the foregoing embodiment, the server running the security hole defending method and the server running the system to be tested may be the same server or different servers, and when the server running the security hole defending method and the server running the system to be tested are different servers, the security hole defending method further includes that the ssh tool is used to connect the server running the security hole defending method to an ip address storing the server of the system to be tested, so that the server running the security hole defending method invokes the preset security use case or the preset threat use case to detect the system to be tested, and stores a detection result to the server running the security hole defending method.
In a specific embodiment, the security vulnerability defense method further includes:
and presenting the detection result, the security hole, the security task and the defending result through a visual operation interface.
In this embodiment, the detection result, the security hole, the security task and the defense result are presented through a visual operation interface, where the detection result may be that the system to be tested has no security hole, or may include one or more security holes. The security hole may be a security hole discovered after the program code of the system to be tested is scanned, may be a security hole discovered by actively attacking the system to be tested according to a preset threat use case, or may be a security hole discovered by detecting the system to be tested according to an input test instruction. The security task may be a repair task performed corresponding to a security hole found after the program code of the system to be tested is scanned, may be a repair task performed corresponding to a security hole found by actively attacking the system to be tested according to a preset threat use case, or may be a repair task performed corresponding to a security hole found by detecting the system to be tested according to an input test instruction. The defending results may include repair results, repair identifications, and retest results for discovered security vulnerabilities.
It can be understood that if the detection result is that the system to be detected has no security hole, the corresponding security task and the defense result are not generated any more.
In a specific embodiment, the step S1 further includes:
s14: and monitoring the access flow of the system to be tested according to a preset flow monitoring use case and outputting a fourth detection result.
In this embodiment, the preset traffic monitoring cases may be some websites or ips that are prohibited from being accessed, for example, when the system to be tested is an office system of a certain company, the preset traffic monitoring cases may be video websites or shopping websites, and whether the system to be tested has abnormal traffic is determined according to the output fourth detection result.
In a specific embodiment, before the step S1, the security hole defending method further includes: formulating a security detection event of the system to be tested based on threat management;
the step S1 further comprises the following steps: and detecting the system to be detected periodically based on the safety detection event.
In this embodiment, the security vulnerability defense method may further include formulating a security detection event of the system under test based on threat management, where formulating the security detection event includes, as shown in fig. 3: and selecting a script at a security detection event making interface to regularly call a preset security use case or a preset threat use case to detect the system to be detected, setting script running conditions such as running time, frequency and ending conditions of the script, setting a pushing mode of a security task and the like, so that the security vulnerability defense method can be regularly operated to detect the system to be detected, and a security report generated by a detection result can be regularly pushed to a research and development responsible person. The automation degree of the security hole defense method and the efficiency of detecting and repairing the security holes are further improved, and the life cycle interaction degree of managing the security holes is shortened.
Corresponding to the security vulnerability defense method provided in the foregoing embodiment, as shown in fig. 4, an embodiment of the present application further provides a security vulnerability defense system applying the security vulnerability defense method, including: the system comprises a detection unit, a vulnerability analysis unit and a control unit, wherein the control unit is configured to:
s1: the control detection unit detects the system to be detected and outputs a detection result;
s2: judging whether the detection result contains security holes or not, if the detection result contains at least one security hole, performing hole analysis on each security hole by using a hole analysis unit and generating a corresponding security task;
s3: and respectively starting the security tasks to defend the security holes, and retesting the security holes in response to the repair identifications of the security holes.
In this embodiment, when security vulnerabilities are defended, the control unit controls the detection unit to detect the system to be tested and output a detection result, and determines whether the detection result includes a security vulnerability, if at least one security vulnerability is included, the vulnerability analysis unit is enabled to perform vulnerability analysis on each security vulnerability and generate corresponding security tasks, and the control unit is enabled to start the security tasks respectively to defend the security vulnerabilities. Therefore, a closed-loop defense of detecting the security hole, generating the security task, starting the security task to push the hole, modifying the hole and retesting is formed, and the problems that the security detection tool in the prior art has single function, needs to be used in a combined way, cannot repair the security hole directly, and cannot adapt and expand when facing complex service scenes are solved. The efficiency of detecting the security hole and repairing the security hole is improved, and the life cycle of managing the security hole is shortened.
For convenience of description, the above system is described as being functionally divided into various units, respectively. Of course, the functionality of the units may be implemented in one or more software and/or hardware when implementing one or more embodiments of the present description.
Since the security breach defense system provided in the embodiment of the present application corresponds to the security breach defense system provided in the above embodiments, the foregoing embodiment is also applicable to the method for testing a liquid crystal display provided in the embodiment, and will not be described in detail in the embodiment.
Another embodiment of the present invention provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements: s1: detecting a system to be detected and outputting a detection result; s2: judging whether the detection result contains security holes or not, and if the detection result contains at least one security hole, performing hole analysis according to each security hole and generating a corresponding security task; s3: and respectively starting the security tasks to defend the security holes.
In practical applications, the computer-readable storage medium may take the form of any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In this embodiment, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, smalltalk, C ++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
As shown in fig. 5, another embodiment of the present invention provides a schematic structural diagram of a computer device. The computer device 12 shown in fig. 5 is merely an example and should not be construed as limiting the functionality and scope of use of embodiments of the present invention.
As shown in FIG. 5, the computer device 12 is in the form of a general purpose computing device. Components of computer device 12 may include, but are not limited to: one or more processors or processing units 16, a system memory 28, a bus 18 that connects the various system components, including the system memory 28 and the processing units 16.
Bus 18 represents one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, a processor, and a local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include Industry Standard Architecture (ISA) bus, micro channel architecture (MAC) bus, enhanced ISA bus, video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Computer device 12 typically includes a variety of computer system readable media. Such media can be any available media that is accessible by computer device 12 and includes both volatile and nonvolatile media, removable and non-removable media.
The system memory 28 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM) 30 and/or cache memory 32. The computer device 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from or write to non-removable, nonvolatile magnetic media (not shown in FIG. 5, commonly referred to as a "hard disk drive"). Although not shown in fig. 5, a magnetic disk drive for reading from and writing to a removable non-volatile magnetic disk (e.g., a "floppy disk"), and an optical disk drive for reading from or writing to a removable non-volatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In such cases, each drive may be coupled to bus 18 through one or more data medium interfaces. Memory 28 may include at least one program product having a set (e.g., at least one) of program modules configured to carry out the functions of embodiments of the invention.
A program/utility 40 having a set (at least one) of program modules 42 may be stored in, for example, memory 28, such program modules 42 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment. Program modules 42 generally perform the functions and/or methods of the embodiments described herein.
The computer device 12 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, display 24, etc.), one or more devices that enable a user to interact with the computer device 12, and/or any devices (e.g., network card, modem, etc.) that enable the computer device 12 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 22. Moreover, computer device 12 may also communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN) and/or a public network, such as the Internet, through network adapter 20. As shown in fig. 5, the network adapter 20 communicates with other modules of the computer device 12 via the bus 18. It should be appreciated that although not shown in fig. 5, other hardware and/or software modules may be used in connection with computer device 12, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
The processor unit 16 executes various functional applications and data processing by running programs stored in the system memory 28, for example, to implement a security breach defense method provided by an embodiment of the present invention.
It should be understood that the foregoing examples of the present invention are provided merely for clearly illustrating the present invention and are not intended to limit the embodiments of the present invention, and that various other changes and modifications may be made therein by one skilled in the art without departing from the spirit and scope of the present invention as defined by the appended claims.

Claims (7)

1. A security breach protection method, comprising:
s1: detecting the system to be detected and outputting a detection result, and further comprising:
s11: scanning the program code of the system to be tested according to a preset safety use case and outputting a first detection result, wherein the method comprises the following steps ofThe security case is a java package
S12: actively attacking the system to be detected according to a preset threat use case and outputting a second detection result, wherein the preset threat use case is a zap tool;
s2: judging whether the detection result contains security holes, if so, performing hole analysis according to each security hole and generating a corresponding security task, and further comprising:
s21: importing the first detection result into a preset vulnerability analysis model and outputting a first vulnerability analysis result, wherein the first vulnerability analysis result comprises a vulnerability position corresponding to the security vulnerability;
s22: generating a security task corresponding to the security vulnerability according to a preset vulnerability comparison table and the vulnerability position, wherein the security task comprises a push address corresponding to the security vulnerability and research and development responsible person information of the security vulnerability searched from the vulnerability comparison table so as to repair the security vulnerability;
s3: respectively starting the security tasks to defend the security hole, retesting the security hole in response to the repair identification of the security hole, and further comprising:
s31: pushing the corresponding security hole according to the push address to repair the security hole.
2. The security breach defense method of claim 1, further comprising:
and presenting the detection result, the security hole, the security task and the defending result through a visual operation interface.
3. The security breach defense method of claim 1, wherein S1 further comprises:
s13: and detecting the system to be tested in response to the input test instruction and outputting a third detection result.
4. A security breach defense method according to any of claims 1-3,
before the step S1, the security hole defending method further includes: formulating a security detection event of the system to be tested based on threat management;
the step S1 further comprises the following steps: and detecting the system to be detected periodically based on the safety detection event.
5. A security breach defense system applying the security breach defense method according to any one of claims 1-4, comprising a detection unit, a breach analysis unit, and a control unit configured to:
s1: the control detection unit detects the system to be detected and outputs a detection result, and the control detection unit further comprises: s11: scanning the program code of the system to be tested according to a preset safety use case and outputting a first detection result, wherein the method comprises the following steps ofThe security case is a java packageThe method comprises the steps of carrying out a first treatment on the surface of the S12: actively attacking the system to be detected according to a preset threat use case and outputting a second detection result, wherein the preset threat use case is a zap tool;
s2: judging whether the detection result contains security holes, if so, performing hole analysis on each security hole by using a hole analysis unit and generating a corresponding security task, and further comprising: s21: importing the first detection result into a preset vulnerability analysis model and outputting a first vulnerability analysis result, wherein the first vulnerability analysis result comprises a vulnerability position corresponding to the security vulnerability; s22: generating a security task corresponding to the security vulnerability according to a preset vulnerability comparison table and the vulnerability position, wherein the security task comprises a push address corresponding to the security vulnerability and research and development responsible person information of the security vulnerability searched from the vulnerability comparison table so as to repair the security vulnerability;
s3: respectively starting the security tasks to defend the security hole, retesting the security hole in response to the repair identification of the security hole, and further comprising: s31: pushing the corresponding security hole according to the push address to repair the security hole.
6. A computer readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the method according to any of claims 1-4.
7. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any of claims 1-4 when the program is executed by the processor.
CN202210484476.1A 2022-05-06 2022-05-06 Security vulnerability defending method, system, computer equipment and storage medium Active CN115080977B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210484476.1A CN115080977B (en) 2022-05-06 2022-05-06 Security vulnerability defending method, system, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210484476.1A CN115080977B (en) 2022-05-06 2022-05-06 Security vulnerability defending method, system, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN115080977A CN115080977A (en) 2022-09-20
CN115080977B true CN115080977B (en) 2023-06-30

Family

ID=83246763

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210484476.1A Active CN115080977B (en) 2022-05-06 2022-05-06 Security vulnerability defending method, system, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115080977B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108063755A (en) * 2017-11-08 2018-05-22 携程旅游信息技术(上海)有限公司 vulnerability scanning method, system, storage medium and electronic equipment
CN113626825A (en) * 2021-07-21 2021-11-09 南京星云数字技术有限公司 Security vulnerability management and control method, device, equipment and computer readable medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10380006B2 (en) * 2015-06-05 2019-08-13 International Business Machines Corporation Application testing for security vulnerabilities
CN108197476B (en) * 2017-12-27 2020-12-08 中国信息通信研究院 Vulnerability detection method and device for intelligent terminal equipment
CN110460571B (en) * 2019-07-05 2022-11-04 深圳壹账通智能科技有限公司 Business system vulnerability processing method and device, computer equipment and storage medium
CN111104675A (en) * 2019-11-15 2020-05-05 泰康保险集团股份有限公司 Method and device for detecting system security vulnerability
CN113886837A (en) * 2021-10-20 2022-01-04 前锦网络信息技术(上海)有限公司 Vulnerability detection tool credibility verification method and system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108063755A (en) * 2017-11-08 2018-05-22 携程旅游信息技术(上海)有限公司 vulnerability scanning method, system, storage medium and electronic equipment
CN113626825A (en) * 2021-07-21 2021-11-09 南京星云数字技术有限公司 Security vulnerability management and control method, device, equipment and computer readable medium

Also Published As

Publication number Publication date
CN115080977A (en) 2022-09-20

Similar Documents

Publication Publication Date Title
US8752182B2 (en) Pinpointing security vulnerabilities in computer software applications
US8695098B2 (en) Detecting security vulnerabilities in web applications
CN110929264B (en) Vulnerability detection method and device, electronic equipment and readable storage medium
CN111859375A (en) Vulnerability detection method and device, electronic equipment and storage medium
CN108595952A (en) A kind of detection method and system of electric power mobile application software loophole
CN111783096B (en) Method and device for detecting security hole
CN111984975B (en) Vulnerability attack detection system, method and medium based on mimicry defense mechanism
CN112181833A (en) Intelligent fuzzy test method, device and system
CN113688398B (en) Vulnerability scanning result evaluation method, device and system
CN112035354A (en) Method, device and equipment for positioning risk code and storage medium
US11449408B2 (en) Method, device, and computer program product for obtaining diagnostic information
CN110717184A (en) Distributed safety test system
CN115361203A (en) Vulnerability analysis method based on distributed scanning engine
WO2021243574A1 (en) Detection method for user information acquisition in violation of regulations and related device
CN112632547A (en) Data processing method and related device
CN115080977B (en) Security vulnerability defending method, system, computer equipment and storage medium
CN112565244A (en) Active risk monitoring method, system and equipment for website projects
CN115454856B (en) Multi-application security detection method, device, medium and electronic equipment
CN110555308B (en) Terminal application behavior tracking and threat risk assessment method and system
CN116010254A (en) Performance detection method and system in system research and development stage
CN111274585B (en) Method, device, equipment and medium for detecting unauthorized vulnerability of Web application
CN114662120A (en) Patch management method and device
CN113157576A (en) Application program safety detection method and device and electronic equipment
CN113032785A (en) Document detection method, device, equipment and storage medium
CN113420302A (en) Host vulnerability detection method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant